Contents

Internet Explorer started supporting extensions from version 5 released in 1999.[2]Firefox has supported extensions since its launch in 2004. The Opera desktop web browser supported extensions from version 10 released in 2009. Google Chrome started supporting extensions from version 4 released in 2010. Safari started supporting native extensions from version 5 released in 2010. Microsoft Edge started supporting limited extensions in March 2016.[3][4]

The syntax for extensions may be quite different from browser to browser, or at least different enough that an extension working on one browser does not work on another. As for search engine tools, an attempt to bypass this problem is the multi-tag strategy proposed by the project Mycroft, a database of search engine add-ons working on different browsers.[5]

Browser extensions are used for improving a browser's user interface, security or accessibility, blocking advertisements, and various other features to make browsing the internet easier and more pleasant. There are many types of extensions that can be used to control various aspects of browsing privacy and mitigate threats. For instance, they may prevent third parties from tracking the user's movements, block ads and scripts, or enforce good habits.[10]

A browser toolbar is a common type of browser extensions that alters the user interface. It is a toolbar that resides within a browser's window. All major web browsers provide support for browser toolbars as a way to extend the browser's UI and functionality. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one.

Browser extension development is the actual creation of an extension for a specific browser. Each browser type has its own architecture and application programming interfaces (APIs) to build the extensions, which requires different code and skills for each extension. The original API was NPAPI. It was first developed for Netscape browsers, starting in 1995 with Netscape Navigator 2.0, but was subsequently adopted by other browsers. Microsoft did not adopt this API for Internet Explorer and instead chose ActiveX for contents-altering plugins. The browser-altering plugins, called Browser Helper Objects, were designed based on a Component Object Model (COM) interface. Google later introduced the PPAPI interface in Chrome, even though its mainstream Google Chrome extensions are built using web technologies such as HTML5, JavaScript and CSS.[1] Firefox has supported or supports many technologies for developing what it calls "Mozilla add-ons", including NPAPI, XUL, XPI, XPCOM, XPConnect and JetPack, as well as web technologies such as HTML5, JavaScript and CSS. Its WebExtensions API is compatible with the extensions APIs of Google Chrome and Microsoft Edge.[11]

Browser extensions have access to everything done by the browser, and can do things like inject ads into web pages, or make "background" HTTP requests to third-party servers. While web pages are constrained by the security model of the web browser (in particular, the same-origin policy), extensions are not. As a result, a malicious browser extension may take action against the interest of the user that installed it. Such browser extensions are a form of malware. Some software downloads come with unwanted bundled programs that install browser extensions without a user's knowledge, while making it hard for the user to uninstall the extension.[12]

In 2012, a security researcher "developed a remote-controlled piece of malware that functions as a browser extension and is capable of modifying web pages, downloading and executing files, hijacking accounts, bypassing two-factor authentication security features enforced by some websites, and much more." [13] In May 2013, Microsoft reported discovering a browser extension for Chrome and Firefox that "tries to hijack Facebook profiles" in Brazil.[14]

Some Google Chrome extension developers have sold extensions they made to third-party companies who silently push unwanted updates that incorporate previously non-existent adware into the extensions.[15][16] In January 2014, Google removed two extensions from its store due to violations of its own terms of service. The decision to remove the two extensions, "Add to Feedly" and "Tweet This Page", arose when users noticed these extensions created unwanted pop up ads, after the extensions had been sold by their developers to third parties.[17]

Five percent of computer browser visits to Google-owned websites are altered by computer programs that inject their own ads into pages.[18][19][20] Researchers have identified 50,870 Google Chrome extensions and 34,407 programs that injected ads. Thirty-eight percent of extensions and 17 percent of programs were catalogued as malicious software, the rest being potentially unwanted adware.